Barney Boisvert wrote: > I use a sessionID value, much like a cookie. Every WS interaction > starts with a call to the 'authenticate' method, passing credentials. > If they're valid, a sessionID is returned, and must be passed with all > subsequent reqeusts (the actual WS calls). SessionIDs expire after a > bit of time, as expected, and I also expose a logout/unauthenticate > method that will do it explicitly should the client be well behaved > enough to care.
This is exactly what I do. I store the sessionID and userID in a database table, so when they authenticate using the sessionID, I take the userID associated, and verify that it's still a valid user... that way if a user gets deleted while they are currently in session, then their session automatically becomes invalid as well. - Rick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:191682 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
